Role based auth with azure ad and db - asp.net

I have an ASP.NET Core MVC app that has only login with Azure AD. What I want to do is: the user logs in with their Microsoft account, then it looks in my DB, gets their rights and then sets roles for the user. So basically: clicks login --> signs in with his account --> I look in the DB and set his roles --> he can now access only some content. I really don't know how to do it, so thanks for anything.

Slightly different answer. Try out the "Add authorization using app roles & roles claims to an ASP.NET Core web app that signs in users with the Microsoft identity platform" sample to see how the new policy-based authorization in ASP.NET Core is used to work with Azure AD's app roles.
You'd replace Azure AD's roles with yours and it should satisfy your requirement.
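One way to do the "sign in with Azure AD, then take roles from my own table" flow, as an added example that is not from the original question or the linked sample: an IClaimsTransformation that looks the user up by Azure AD object id and adds role claims, plus the policy that controllers check. It assumes .NET 6+ with implicit usings, the Microsoft.Identity.Web and Microsoft.EntityFrameworkCore.SqlServer packages, an "AzureAd" section in appsettings.json, and a hypothetical UserRole table.

```csharp
// Assumes .NET 6+ with implicit usings, packages Microsoft.Identity.Web and
// Microsoft.EntityFrameworkCore.SqlServer, and an "AzureAd" section in appsettings.json.
using System.Security.Claims;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.OpenIdConnect;
using Microsoft.EntityFrameworkCore;
using Microsoft.Identity.Web;

var builder = WebApplication.CreateBuilder(args);
builder.Services.AddControllersWithViews();
builder.Services.AddDbContext<AppDbContext>(o =>
    o.UseSqlServer(builder.Configuration.GetConnectionString("Default")));
// Sign-in stays with Azure AD; authorization comes only from our own table.
builder.Services.AddAuthentication(OpenIdConnectDefaults.AuthenticationScheme)
    .AddMicrosoftIdentityWebApp(builder.Configuration.GetSection("AzureAd"));
builder.Services.AddScoped<IClaimsTransformation, DbRoleClaimsTransformation>();
builder.Services.AddAuthorization(o => // used as [Authorize(Policy = "ContentEditor")]
    o.AddPolicy("ContentEditor", p => p.RequireRole("Editor", "Admin")));
var app = builder.Build(); app.UseAuthentication(); app.UseAuthorization();
app.MapControllerRoute("default", "{controller=Home}/{action=Index}/{id?}");
app.Run();

// Hypothetical EF Core model: one row per (Azure AD object id, role name).
public class UserRole { public int Id { get; set; } public string ObjectId { get; set; } = ""; public string RoleName { get; set; } = ""; }
public class AppDbContext : DbContext
{
    public AppDbContext(DbContextOptions<AppDbContext> o) : base(o) { }
    public DbSet<UserRole> UserRoles => Set<UserRole>();
}

// Runs on each request after the sign-in cookie is validated and adds role claims
// looked up in the database, so roles never come from the token itself.
public class DbRoleClaimsTransformation : IClaimsTransformation
{
    private readonly AppDbContext _db;
    public DbRoleClaimsTransformation(AppDbContext db) => _db = db;
    public async Task<ClaimsPrincipal> TransformAsync(ClaimsPrincipal principal)
    {
        // Key on the immutable object id ("oid"), not on name or email, which can change.
        var oid = principal.FindFirst("http://schemas.microsoft.com/identity/claims/objectidentifier")?.Value
                  ?? principal.FindFirst("oid")?.Value;
        if (oid is null || principal.HasClaim(c => c.Type == "db_roles_applied"))
            return principal; // anonymous, or already transformed during this request
        var roles = await _db.UserRoles.Where(r => r.ObjectId == oid)
                                       .Select(r => r.RoleName).ToListAsync();
        var clone = principal.Clone(); // never mutate the principal the framework owns
        var identity = (ClaimsIdentity)clone.Identity!;
        foreach (var role in roles) identity.AddClaim(new Claim(identity.RoleClaimType, role));
        identity.AddClaim(new Claim("db_roles_applied", "1")); // RoleClaimType is what RequireRole/IsInRole checks
        return clone;
    }
}
```

Because the transformation runs per request rather than baking roles into the cookie at sign-in, revoking a role in the table takes effect on the user's next request instead of at their next login; add a short-lived cache in front of the query if the per-request lookup is too costly.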

Related

Asp.net identity caching for azure ad

The issue that we are currently facing is that our users in China have a delay in signing into Azure AD.
I want to create an Asp.net application that acts as an identity service provider for other applications.
I want my users to login to my application using their Microsoft live accounts and my application should be able to cache the identities to avoid delay.
Is it possible to implement such a solution?
I tried to repro in my lab and successfully tested that my user can log in without any delay; below are the steps:
Deployed my ASP.NET application to Azure > go to App Service > Authentication > Add identity provider.
In the identity provider, select Microsoft account. By default an app registration will be created, or we can create a new one. Under supported account types, select the account type to sign in users: select Any Azure AD directory & Microsoft accounts.
After it is added successfully you can check or edit the identity provider.
And then I tested my app, which required Microsoft live accounts to sign in users.
For further information please refer to the links below:
To enable multi-factor authentication in Azure Active Directory B2C.
Considerations for using caching.

Can you add SSO using OpenID Connect to a web application that uses MVC ASP.NET Identity?

Is it possible to mix authentication types in a C# ASP.NET MVC web application hosted in Azure?
I have an ASP.NET MVC application written in C# that uses ASP.NET Identity as its authentication system.
A customer has asked if they can sign into the application using their Azure Active Directory (SSO using OpenID Connect).
I can recreate the application using OpenID Connect and assign their tenant as the AAD directory, but users from my company cannot log into the application because we do not exist in the customer's Azure Active Directory.
We need to be able to log into the application because we perform data entry tasks for them using the web app.
Has anyone come across a similar issue?
Regards,
Graham
You may need to show a login screen with 2 possible options. You redirect the user to their respective identity provider; they get authenticated and bring back the access_token/id_token to access application resources.
Very much like different OpenID Connect providers in the same application (FB, Google, Microsoft etc.): regardless of which provider the user chooses to get authenticated with, the token is the same to access resources.
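The two-option login screen from the answer above, as an added example that is not from the original thread: two OpenID Connect schemes in one ASP.NET Core app, one pinned to the customer's tenant and one to your own, both signing into a single cookie. It assumes .NET 6+ with implicit usings, the Microsoft.AspNetCore.Authentication.OpenIdConnect package, and "CustomerAad"/"CompanyAad" configuration sections whose TenantId, ClientId and ClientSecret values are placeholders.

```csharp
// Assumes .NET 6+ with implicit usings and the Microsoft.AspNetCore.Authentication.OpenIdConnect
// package; "CustomerAad" and "CompanyAad" config sections hold placeholder tenant/client values.
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Authentication.OpenIdConnect;
using Microsoft.AspNetCore.Mvc;

var builder = WebApplication.CreateBuilder(args);
var cfg = builder.Configuration;
builder.Services.AddControllersWithViews();
builder.Services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme)
    .AddCookie() // one session cookie, whichever directory issued the identity
    .AddOpenIdConnect("CustomerAad", o => ConfigureAad(o, cfg.GetSection("CustomerAad"), "/signin-customer"))
    .AddOpenIdConnect("CompanyAad", o => ConfigureAad(o, cfg.GetSection("CompanyAad"), "/signin-company"));
builder.Services.AddAuthorization();
var app = builder.Build();
app.UseAuthentication(); app.UseAuthorization();
app.MapControllerRoute("default", "{controller=Home}/{action=Index}/{id?}");
app.Run();

// Each scheme is pinned to exactly one tenant's authority, so an id_token from the
// other directory fails issuer validation instead of being silently accepted.
static void ConfigureAad(OpenIdConnectOptions o, IConfigurationSection s, string callback)
{
    o.SignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
    o.Authority = $"https://login.microsoftonline.com/{s["TenantId"]}/v2.0";
    o.ClientId = s["ClientId"];
    o.ClientSecret = s["ClientSecret"];
    o.ResponseType = "code";           // authorization code flow, not implicit
    o.CallbackPath = callback;         // distinct redirect URI per scheme, registered in each app registration
    o.Scope.Add("email");
}

// Login page shows two buttons; each posts the name of the scheme it wants.
public class AccountController : Controller
{
    private static readonly HashSet<string> Allowed = new() { "CustomerAad", "CompanyAad" };

    [HttpGet] public IActionResult Login() => View(); // renders the two choices

    [HttpPost, ValidateAntiForgeryToken]
    public IActionResult Login(string scheme, string? returnUrl)
    {
        if (!Allowed.Contains(scheme)) return BadRequest();            // never challenge an arbitrary scheme name
        var target = Url.IsLocalUrl(returnUrl) ? returnUrl : "/";      // block open redirects after sign-in
        return Challenge(new AuthenticationProperties { RedirectUri = target }, scheme);
    }
}
```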

Share user authentication with different sites on same domain

I have an ASP.NET MVC site that runs on www.company.com and has all the user registration and login pages etc. I use Identity 2.0 for user management.
I would like to start migrating the site to an Angular application with an ASP.NET Core Web API on app.company.com.
I'm not sure how to manage the user authentication / authorization.
The user would login to www.company.com, and parts of the site will (seamlessly to the user, aside from the URL change) go to app.company.com
How can I have a seamless sign on experience with app.company.com? app.company.com would need to know who the authenticated user is, even though that user authenticated against www.company.com?
I have had the same situation in one of my projects. Our solution was to use IdentityServer for SSO. You can configure IdentityServer to use your existing user database.

Azure users roles and user profile management

I have a Windows Azure application already running (testing phase). Currently I use ACS authentication. Users can log on with their Windows Live ID, and this is all: no authorisation for now. I need to authorise users with different roles. Plus I also need users to log on with different identity providers like Gmail and Facebook. I have the idea to store profile information in a table (e.g. IdP as partition key and user ID (which I get from the provider) as row key).
Now I have no idea how to give different roles and how to start. Can anybody give me a clear tutorial or just an idea how to begin?
Thanks
I suggest you take a look at the BlobShare application. This isn't a tutorial, but it's a complete application showing a few interesting concepts you could use:
The BlobShare Sample is a simple file sharing application that demonstrates the storage services of the Windows Azure Platform, together with the authentication and authorization capabilities of Access Control Service (ACS).
http://blobshare.codeplex.com/

Is supporting Active Directory in a web application difficult when it is currently built with forms auth?

I have a web application that currently only supports ASP.NET forms authentication.
My user business logic currently is like:
Users.GetUserByID(userID);
Users.LoginUser(username, password);
i.e. it is pretty modular, and I hope supporting Active Directory won't be difficult.
Is it possible for me to support both AD and forms? If yes, what do I do: simply insert a new user for someone who signs in using AD for the first time?
No, the only thing you have to do is switch your membership provider to the Active Directory membership provider. However, there are some major differences: the user will always come in logged in with a specific user name, so there will be no need for a username and password.
The default provider for AD is "Windows integrated authentication" and this cannot mix-and-match with forms auth. However, if you decide to implement a custom provider, then you can maintain your business logic. You will have to write AD integration code. And yes, using the API for AD you can automatically add users, if you wish.